Cyberattacks put spotlight on weak Canadian laws, says cybersecurity expert

A New Brunswick cybersecurity expert says high profile data breaches at Sobeys and Indigo point to weak Canadian laws, as vulnerabilities grow against critical infrastructure.

A New Brunswick cybersecurity expert says high profile data breaches at Sobeys and Indigo point to weak Canadian laws, as vulnerabilities grow against critical infrastructure.

“Our current national cybersecurity strategy is woefully out of date,” says David Shipley, CEO of Fredericton-based Beauceron Security Inc. “We are way behind our peers in the United States and Europe.”

Federal legislation are awaiting a second reading to update Canada’s cybersecurity laws. 

“We’re potentially two to three years from those laws being passed and regulations enforced,” says Shipley. “Meanwhile, things have never been this bad online.”

Shipley points to the European Union’s General Data Protection Regulation as being a strong policy for Canadian lawmakers to follow.

“It gave real, meaningful teeth to regulators to rein in tech giants and other companies that were either gathering information about people without their consent, or breaching it because of a lack security,” says Shipley.

Some of the fines can amount up to 20 million Euros, or four per cent of a company’s global revenue.